Functional ACK, it works for me. It can be pushed if Python gurus are okay
with the code.

Is it safe to commit the change given that bind-dyndb-ldap still crashes when
"." is removed? Wouldn't it break our CI tests?
Maybe we should wait until fixed bind-dyndb-ldap is released. Hopefully it
would be soon.
Martin

It will break tests, don't push it until bind-dyndb-ldap is fixed.
Currently I'm testing bind-dyndb-ldap related patch.

Added patches 120 and 121, which are required by DNS to work correctly.
Patches 120 and 121 add all DNS replicas to zone apex as NS; the --name-server
option doesn't add an NS record, it only changes the SOA MNAME attribute.
Original and new patches attached.

...
Is there any risk in filling that with default as any other attribute? IMO
it would simplify adding zones for one more redundant step. CCing Rob in
case he knows some historical reasons why this is requested every time.
Martin

There is no risk, because ipa-replica-prepare does that with default values.

Then let us do this, as we are already simplifying the dnszone-add command.

However, this will not work with root zone ".", and I'm not sure how often an
admin email is used. I think whois is a better utility to get contact email.
Also RIPE-203 [1] recommends using the 'hostmaster' alias.
[1] http://www.ripe.net/ripe/docs/ripe-203

This will likely generate tons of invalid e-mail addresses which is somehow
unfortunate.
Please keep in mind that:
1) E-mail hostmaster@ipa.domain.example. will be useful only if
ipa.domain.example. has MX record or at least A/AAAA record (which is usually
not the case for domains).
2) WHOIS is not useful for internal domains which is the main deployment
scenario for IPA, right?

DNS zone "." is quite an exception, you are not adding that zone every day. So
I would not keep asking for admin mail just for this one. You can add an
interactive prompt callback to ask in this case and otherwise just use the
default - up to you.
As for the mail alias, this can be an RFE.

It would be nice to have some IPA-global default like 'DNS administrator
e-mail address' and to use this value for all DNS zones by default.

+1

Please file an RFE for this part (requires schema update, doc update, ...). For